Discover new mobile phone worms

Security firm F-Secure has discovered a new worm capable of attacking mobile phones in a very dangerous way.

Like previous colleagues, the new worm version Commwarrior.Q infects the phone via a Bluetooth wireless connection. In addition, this worm is also capable of attacking via MMS messaging service or through previously infected memory cards.

Although Commwarrior.Q has not spread on a large scale, but according to Antti Vihavainen, F-Secure's vice president of mobile security, the worm has an alarming way of attack, and is one of the The most complex mobile worm today.

From midnight to 7am Commwarrior.Q will start activating the mechanism of sending MMS messages to addresses stored in infected phones. The worm has the ability to hide very well the source of the message, making people mistakenly believe it is perfectly normal messages.

However, Commwarrior.Q will stop sending messages after 7 am to prepare for the next action, which is to scan and infect other phones within Bluetooth coverage.

F-Secure's warning said Commwarrior.Q will infect any Symbian OS application installation file ("SIS" file). And unlike the previous worms, the SIS file that Commwarrior.Q infects will have a random name, making it difficult to identify. Previous Commwarrior versions have the same name for the infected file.

SIS files are typically 32.1-32.2 KB in size, making it difficult to distinguish them from MMS messages if mobile operators want to use filtering mechanisms.

However, according to Vihavainen, Commwarrior.Q cannot automatically infect the phone but requires a user activation mechanism (by clicking on infected SIS files). After the SIS file is activated, Commwarrior.Q will start running.

According to F-Secure's announcement, Commwarrior.Q infected phones running on the Symbian Series 60 platform using Symbian OS 8.1 or earlier operating systems. When the phone is infected with Commwarrior.Q, there is usually a message (HTML page format) displayed on the screen, something like: "No panic please, is it very interesting to have mobile virus at own phone".

Commwarrior worm was first discovered in 2005, and there have been a number of variants to date. One of the most notable variants is Commwarrior.B, which can send MMS messages continuously, consuming the phone's battery.

F-Secure said that the Commwarrior.Q version does not affect phone data, but the messaging charges will certainly increase significantly because MMS sent deep throughout the night.